Problems with biometric authentication

1,456 views

Published on

This note outlines some of the conceptual cha

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,456
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
32
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Problems with biometric authentication

  1. 1. Problems with Biometric AuthenticationProblems with Biometric Authentication NSF (National Science Foundation,USA) Report: Who Goes There? Authentication through the Lens of Privacy “Recommendation: Biometric Technologies should not be used to authenticate users via remote authentication servers because of the potential for large-scale privacy and security compromises in the event of a successful attack (either internal or external) against such servers. The use of biometrics for local authentication – for example, to control access to a private key on a smart card – is a more appropriate type of use for a biometric.”Pitfalls with Biometric Authentication mechanisms:  False Acceptance/False Rejection tradeoff – Acceptable false rejection rate usually means non-negligible false acceptance rate – Very expensive testing required to fully characterize  Biometrics readers often can be fooled by “artifacts” – “Liveness detection” largely a research topic • Very expensive testing needed to verify – For high assurance the reader should be attended or at least observed until we get verifiably strong liveness detectionChallenges to be addressed with Biometrics:In theory, biometrics are a great way to authenticate a user: its impossible to lose yourfingerprint, you cant forget it like you could a password, and its unique to you. In practice,though, there are so many things that, for now, limit a more widespread use of this technology.One of the problems is its uniqueness the thing that makes using biometric data an inherentlyflawed choice for a primary method of authentication. Once you have your fingerprint scannedit will give a unique data sequence which if compromised is not exactly something you canchange. Imagine having an option of only one password ever. One loss and your identity iscompromised for-ever.Another problem is that current scanners still cant recognize if the fingerprint is on a real fingeror an artificial one. In theory, one could get a hold of the users fingerprint using techniquesused in crime detection and transfer it on an artificial finger. This will likely change as thetechnology evolves, but for now the system is still fallible, and not suitable to be a primarysolution to the authentication problem. ArrayShield | info@arrayshield.com Page 1

×